My recent literature reviews have centered around various methods for securing and remotely attesting cloud-native and virtualized network functions (CNFs/VNFs) that are deployed as part of an open 5G network. Lots of work has been done in the SDN/NFV security, remote attestation, software-defined perimeter (SDP), and zero-trust architecture (ZTA) spaces; however, I have found only a couple of studies that consider highly orchestrated workloads in which microservices are migrated, spun up, or spun down to match fluctuating demand. This practice of continuous integration and deployment (CI/CD) may disrupt network service meshes (NSM) and service function chains (SFC) that rely on the availability of multiple microservices.
This topic is closely aligned with what was formerly known as the “Operate Through” mission of the Department of Defense’s FutureG R&D program. The goal of the mission continues to be achieving secure communications over untrusted 5G networks. The programmability of a disaggregated, cloud-native, multi-vendor ORAN presents unique opportunities to implement controls beyond what is deemed mandatory per 3GPP security specifications. The objective is that, by using current and emerging 5G ORAN standards and equipment, military applications may one day operate over public 5G networks with the security and resiliency necessary to comply with standing data protection policies.
Stay tuned as I will be studying this subject in considerable depth for my second conference paper.